The Living Dead: The Resurrection of Cyber-Espionage Operations

Last December Kaspersky Lab, published its threat forecast for 2014. Three months later, the experts found that all three of their ‘End user forecasts’ had already been confirmed.

They said that cybercriminals would target...

- your privacy, leading to greater popularity for VPN (virtual private network) services and Tor-anonymizers (The Onion Router). The number of people turning to the Darknet in an attempt to safeguard their personal data is indeed increasing.

But as well as benevolent users Tor continues to attract dark forces – anonymous networks can conceal malware activity, trading on illegal sites, and money laundering.

- your money. The experts expected cybercriminals to continue developing tools to steal cash. This was confirmed by the detection of Trojan-SMS.AndroidOS.Waller.a in March.

It is capable of stealing money from QIWI electronic wallets belonging to the owners of infected smartphones. The Trojan currently only targets Russian users, but it is capable of spreading anywhere where e-wallets are managed using text messages.

In the first three months of the year there were lots of incidents that proved this prediction was correct.

Among the more newsworthy were the hack of MtGox, one of the biggest bitcoin exchanges, the hacking of the personal blog and Reddit account of MtGox CEO Mark Karpeles and using them to post the MtGox2014Leak.zip which actually turned out to be malware capable of searching for and stealing Bitcoin wallet files from victims.

The first quarter also saw a major cyber-espionage incident: in February Kaspersky Lab published a report on one of the most advanced threats at the current time named The Mask.

The main target was confidential information belonging to state agencies, embassies, energy companies, research institutes, private investment companies, as well as activists from 31 countries.

According to the researchers, the complexity of the toolset used by the attackers and several other factors suggest this could be a state-sponsored campaign.

Q1 in Figures

• 33.2% of user computers worldwide were subjected to at least one web-based attack during the past three months – a decrease of 5.9 percentage points compared to the same period last year.
• 39% of neutralized web attacks were carried out using malicious web resources located in the US and Russia; the combined figure for the same two countries was 5 percentage points higher in Q1 2013. They were followed by the Netherlands (10.8%), Germany (10.5%), and the UK (6.3%)
• The proportion of threats targeting Android exceeded 99% of all mobile malware. Mobile malware increased by 1 percentage point over the quarter.
• At the end of 2013 Kaspersky Lab’s collection of mobile malware stood at 189, 626, but in Q1 2014 alone 110 324 new malicious programs were added. By the end of the quarter there were 299,950 samples in the collection.